Файл: vsime.com/forum/inc/act_index.php
Строк: 192
<?
ex_head();
if (isset($moderate_forum))
{
if (isset($_GET['moderate']) && $_GET['moderate']=='delete_forum')
{
if(isset($moderate_forum) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id` = '".intval($_GET['forum'])."' AND `type` = 'forum' AND `id_comm` = '0'"))!=0)
{
$forum=mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id` = '".intval($_GET['forum'])."' AND `type` = 'forum' AND `id_comm` = '0'");
$forum=mysqli_fetch_array($forum);
$count_cats = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_forum` = '$forum[id]' AND `type` = 'cat' AND `id_comm` = '0'"));
if ($count_cats > 0)
{
show_errors("Вы не сможете удалить подфорум, пока в нем находится хоть один раздел");
}
else
{
if(isset($_POST['submited']))
{
if (hsc(@$_POST['mdp']) == $mdp) {
mysqli_query($dbi, "DELETE FROM `forum` WHERE `id` = '$forum[id]' AND `type` = 'forum' AND `id_comm` = '0'");
$queryuery_cats = mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'cat' AND `id_forum` = '$forum[id]'");
while ($post_cats = mysqli_fetch_array($queryuery_cats))
{
$queryuery_topics = mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'topic' AND `id_cat` = '$post_cats[id]'");
while ($post_topics = mysqli_fetch_array($queryuery_topics))
{
mysqli_query($dbi, "DELETE FROM `forum` WHERE `id` = '$post_topics[id]' AND `type` = 'topic'");
mysqli_query($dbi, "DELETE FROM `forum_komm` WHERE `id_comm` = '0' AND `id_topic` = '$post_topics[id]' LIMIT 1");
if ($post_topics['poll']==1) {
mysqli_query($dbi, "DELETE FROM `forum_poll` WHERE `id_topic` = '$post_topics[id]' LIMIT 1");
mysqli_query($dbi, "DELETE FROM `forum_pollen` WHERE `id_topic` = '$post_topics[id]' LIMIT 1");
}
}
mysqli_query($dbi, "DELETE FROM `forum` WHERE `id` = '$post_cats[id]' AND `type` = 'cat' AND `id_comm` = '0'");
}
header("Location: /forum");
exit;
} else hacked_by_Killer();
}
echo "<form method='POST'>n";
echo "<div class='freespace'>n";
echo "Подтвердите удаление подфорума<br/>n";
echo "</div>n";
echo "<div class='freespace'>n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' name='submited' value='Удалить'>n";
echo "</div>n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='/forum'>Отмена</a>n";
echo "</div>n";
}
ex_foot();
}
}
if (isset($_GET['moderate']) && $_GET['moderate']=='edit_forum')
{
if(isset($moderate_forum) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id` = '".intval($_GET['forum'])."' AND `type` = 'forum' AND `id_comm` = '0'"))!=0)
{
$forum=mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id` = '".intval($_GET['forum'])."' AND `type` = 'forum' AND `id_comm` = '0'");
$forum=mysqli_fetch_array($forum);
if(isset($_POST['submited']) && isset($_POST['name']) && isset($_POST['desc']))
{
if (hsc(@$_POST['mdp']) == $mdp) {
$name=$_POST['name'];
$desc=$_POST['desc'];
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `name` = '$name' AND `id` != '$forum[id]' AND `type` = 'forum' AND `id_comm` = '0'"))!=0)$error[]="Такой подфорум уже есть.";
elseif(strlen2($name)>50 || strlen2(trim($name))<3)$error[]="Название должно быть не меньше 3-х и не больше 50-ти символов.";
elseif(strlen2($desc)>512)$error[]="Описание должно быть не больше 512-ти символов.";
$name=my_esc($name);
$desc=my_esc($desc);
if (!isset($error))
{
mysqli_query($dbi, "UPDATE `forum` SET `name` = '$name', `desc` = '$desc' WHERE `id` = '$forum[id]' AND `type` = 'forum' AND `id_comm` = '0'");
header("Location: /forum");
exit;
}
} else hacked_by_Killer();
}
show_errors();
echo "<form method='POST' action='' class='multi'>n";
echo "<div class='list'>n";
echo "Название:<br/>n";
echo "<input type='text' name='name' value='".input_value($forum['name'])."'><br/>n";
echo "</div>n";
echo "<div class='list'>n";
echo "Описание:<br/>n";
echo "<textarea name='desc' rows='5' cols='17' style='width: 95%'>".input_value($forum['desc'])."</textarea><br/>n";
echo "</div>n";
echo "<div class='list'>n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' name='submited' value='Сохранить'>n";
echo "</div>n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='/forum'>Отмена</a>n";
echo "</div>n";
ex_foot();
}
}
if (isset($_GET['moderate']) && $_GET['moderate']=='add_forum')
{
if(isset($_POST['submited']) && isset($_POST['name']) && isset($_POST['desc']))
{
if (hsc(@$_POST['mdp']) == $mdp) {
$name=$_POST['name'];
$desc=$_POST['desc'];
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'forum' AND `name` = '$name'"))!=0)$error[]="Такой подфорум уже есть.";
elseif(strlen2($name)>50 || strlen2(trim($name))<3)$error[]="Название должно быть не меньше 3-х и не больше 50-ти символов.";
elseif(strlen2($desc)>512)$error[]="Описание должно быть не больше 512-ти символов.";
$name=my_esc($name);
$desc=my_esc($desc);
if (!isset($error))
{
$pos = mysqli_result("SELECT MAX(`pos`) FROM `forum` WHERE `id_comm` = '0' AND `type` = 'forum'") + 1;
mysqli_query($dbi, "INSERT INTO `forum` (`id_comm`, `type`, `name`, `desc`, `pos`) VALUES ('0', 'forum', '$name', '$desc', '$pos')");
header("Location: /forum");
exit;
}
} else hacked_by_Killer();
}
show_errors();
echo "<form method='POST' action='' class='multi'>n";
echo "<div class='list'>n";
echo "Название:<br/>n";
echo "<input type='text' name='name' value=''><br/>n";
echo "</div>n";
echo "<div class='list'>n";
echo "Описание:<br/>n";
echo "<textarea name='desc' rows='5' cols='17' style='width: 95%'></textarea><br/>n";
echo "</div>n";
echo "<div class='list'>n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' name='submited' value='Добавить'>n";
echo "</div>n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='/forum'>Отмена</a>n";
echo "</div>n";
ex_foot();
}
if (isset($_GET['up']))
{
if (hsc(@$_GET['mdp']) == $mdp) {
$up=mysqli_fetch_assoc(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'forum' AND `id` = '".intval($_GET['up'])."' LIMIT 1"));
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'forum' AND `pos` < '$up[pos]' LIMIT 1"))!=0)
{
mysqli_query($dbi, "UPDATE `forum` SET `pos` = '".($up['pos'])."' WHERE `pos` = '".($up['pos']-1)."' AND `type` = 'forum' AND `id_comm` = '0' LIMIT 1");
mysqli_query($dbi, "UPDATE `forum` SET `pos` = '".($up['pos']-1)."' WHERE `id` = '".intval($_GET['up'])."' AND `type` = 'forum' AND `id_comm` = '0' LIMIT 1");
}
} else hacked_by_Killer();
}
elseif (isset($_GET['down']))
{
if (hsc(@$_GET['mdp']) == $mdp) {
$down=mysqli_fetch_assoc(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'forum' AND `id` = '".intval($_GET['down'])."' LIMIT 1"));
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'forum' AND `pos` > '$down[pos]' LIMIT 1"))!=0)
{
mysqli_query($dbi, "UPDATE `forum` SET `pos` = '".($down['pos'])."' WHERE `pos` = '".($down['pos']+1)."' AND `type` = 'forum' AND `id_comm` = '0' LIMIT 1");
mysqli_query($dbi, "UPDATE `forum` SET `pos` = '".($down['pos']+1)."' WHERE `id` = '".intval($_GET['down'])."' AND `type` = 'forum' AND `id_comm` = '0' LIMIT 1");
}
} else hacked_by_Killer();
}
}
?>
<!--
качественные моды от Killer
делаю моды любой сложности на DCMS 6, 7
Благодарность: R408800828608
-->
<?
echo "<div class='grand_h'>n";
echo "$config[code_search] <a href='/search/?act=topics&from=forum'>Поиск тем</a>n";
echo "</div>n";
$queryuery = mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'forum' ORDER BY `pos` ASC");
if (!mysqli_num_rows($queryuery))
{
echo "<div class='list'>n";
echo "Нет подфорумовn";
echo "</div>n";
}
while ($post = mysqli_fetch_array($queryuery))
{
$count_topics = 0;
$count_topics_new = 0;
$queryuery_cats = mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'cat' AND `id_forum` = '$post[id]'");
while ($post_cats = mysqli_fetch_array($queryuery_cats))
{
$count_topics=mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'topic' AND `id_cat` = '$post_cats[id]'"))+$count_topics;
$count_topics_new=mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '0' AND `type` = 'topic' AND `time` > '".($time-(3600*24))."' AND `id_cat` = '$post_cats[id]'"))+$count_topics_new;
}
$count_topics_show=$count_topics.($count_topics_new>0?"/+$count_topics_new":NULL);
echo " <div class='list'>n";
echo "<img src='/i/site/forum.png' /> <a href='?act=forum&id=$post[id]'>".htmlspecialchars($post['name'])."</a> <span class='count_elts'>($count_topics_show)</span>n";
if (isset($moderate_forum))
{
echo "<span class='right'>n";
if(isset($_GET['moderate']))echo "<a href='?moderate&up=$post[id]&mdp=$mdp'>$config[code_up]</a> <a href='?moderate&down=$post[id]&mdp=$mdp'>$config[code_down]</a>n";
echo " <a href='?moderate=edit_forum&forum=$post[id]'>$config[code_edit]</a> <a href='?moderate=delete_forum&forum=$post[id]'>$config[code_delete]</a>n";
echo "</span>n";
}
echo ($post['desc']!=NULL?"<br/>n".output_text($post['desc'], 1).'<br/>':NULL);
echo "</div>n";
}
echo "<div class='mod_grad'>n";
if (isset($moderate_forum))
{
echo "$config[code_add] <a href='?moderate=add_forum'>Добавить подфорум</a><br />n";
echo "<img src='/i/site/configure.png' /> ".(isset($_GET['moderate'])?"<a href='/forum'>Отмена</a>":"<a href='?moderate'>Управление</a>")."<br />n";
}
echo "<img src='/i/user_icons/mod_man_on.png' /> <a href='/ihelp/?read=20'>Список модераторов</a><br />n";
echo "</div>n";
ex_foot();
?>